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(57) ABSTRACT 

Initiating a user session at an internet terminal using a smart 
card is provided. An internet terminal is coupled to a server 
system. The internet terminal detects the presence of a smart 
card. The smart card includes a memory such as a program- 
mable ROM (PROM), any form of erasable PROM 
(EPROM) or flash memory having stored therein identifi- 
cation information. The internet terminal reads a unique 
smart card identifier from the smart card and transmits the 
identifier a server. The server locates configuration informa- 
tion associated with a particular user of the server based 
upon the unique smart card identifier. The configuration 
information may include a defined customer environment or 
customer preferences for customizing the operation of the 
internet terminal such as the type of on-screen keyboard 
presented by the internet terminal, the font used by the 
internet terminal for displaying text, background music 
options, and e-mail options. After locating the configuration 
information, the server downloads the configuration infor- 
mation to the internet terminal. Thus, a user is able to initiate 
a user session from any internet terminal coupled to the 
server system and obtain access to the environment and 
preferences associated with the particular user. 

33 Claims, 8 Drawing Sheets 
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INITIATING A USER SESSION AT AN 
INTERNET TERMINAL USING A SMART 
CARD 

RELATED APPLICATIONS 

This application is a continuation of U.S. patent applica- 
tion Ser. No. 08/931,816, entitled "Method and Apparatus 
for Providing Physical Security for a User Account and 
Providing Access to the User's Environment and 
Preferences/* filed Sep. 16, 1997, which is incorporated 
herein by reference, now U.S. Pat. No. 5,983,273. 

BACKGROUND OF THE INVENTION 

1. The Field of the Invention 

The invention relates generally to the field of client -server 
computer networking. More particularly, the invention 
relates to a method and apparatus for providing physical 
security for a user account and supplying access to the 
environment and preferences associated with a particular 
user. 

2. The Prior State of the Art 

The number of people using the Internet and the World 
Wide Web (the Web) has increased substantially in recent 
years. Some Internet users gain access to the services of the 
Internet and the Web through user accounts provided by 
their employer or an educational institution. Others access 
the internet from their home computers through accounts 
supplied by commercial Internet access providers such as 
America Online™, CompuServe™ or the like. In any event, 
these accounts provide only a minimal amount of security 
against intrusion. Typical account security includes merely a 
usemame and a password, typically both chosen by the user. 

One of the disadvantages of these typical Internet access 
accounts is the vulnerability to invasion as a result of the 
poor security. For example, passwords can be cracked by 
password crack programs employing password cracking 
dictionaries or by brute force password guessing programs. 
Further, users are sometimes tricked into disclosing their 
account passwords. For example, individuals purporting to 
be support staff for a particular online service were able to 
convince subscribers to reveal their passwords. 

Internet access providers generally charge an hourly or 
monthly fee for a user account. Due, at least in part, to the 
cost of such an account, many people are still without access 
to the Internet and the Web. In fact, these costs may be 
incentive enough for some people to break into user 
accounts to gain access to the Internet services such as chat 
and electronic mail (e-mail). Others apparently find pleasure 
in gaining access to another's account. 

Based on the foregoing, it is desirable to provide more 
security for user accounts. Specifically, it is desirable to 
provide a mobile mechanism of physical security. Also, it 
would be desirable for the host system to associate user 
preferences and environment with the physical security 
mechanism, thereby making the preferences and environ- 
ment available to the user upon establishing a user session 
by way of the physical security device. 

SUMMARY OF THE INVENTION 

A method and apparatus for providing physical security 
for a user account and supplying access to the environment 
and preferences associated with a particular user are 
described. An internet terminal is coupled to a server system. 
The internet terminal determines whether or not a smart card 
is present, if so, the internet terminal reads identification 
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information from a memory in the smart card and requests 
initiation of a user session by transmitting the identification 
information to a server. Otherwise, if a smart card is not 
present, the internet terminal requests initiation of a user 

5 session by transmitting an identifier that identifies the inter- 
net terminal. In this manner, a user that is not associated with 
an internet terminal may bypass the normal log-in process- 
ing of the internet terminal and request initiation of a user 
session with his/her smart card. 

10 According to another aspect of the present invention an 
internet terminal can be configured by a server. The server 
receives identification information from an internet terminal. 
The identification information uniquely identifies a smart 
card from which it was read. The server locates configura- 

15 tion information associated with a particular user of the 
server based upon the identification information. After locat- 
ing the configuration information, the server downloads the 
configuration information to the internet terminal. 
Advantageously, by employing the smart card, the particular 

20 user's preferences are made available to the user upon 
establishing a user session from another's internet terminal. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention is illustrated by way of example, 
25 and not by way of limitation, in the figures of the accom- 
panying drawings and in which like reference numerals refer 
to similar elements and in which: 

FIG. 1 illustrates several clients connected to a proxying 
30 server in a network. 

FIG. 2 illustrates a client according to one embodiment of 
the present invention. 

FIG. 3 is a block diagram of an Internet terminal accord- 
ing to one embodiment of the present invention used to 
35 implement a Web browser that can be operated by remote 
control. 

FIG. 4 is a block diagram of a server according to one 
embodiment of the present invention. 

FIG. 5 is a block diagram of a server system showing 
d0 relationships between various services and corresponding 
databases according to one embodiment of the present 
invention. 

FIG. 6A illustrates an exemplary customer database 
record according to one embodiment of the present inven- 
tion. 

FIG. 6B illustrates an exemplary favorites database record 
according to one embodiment of the present invention. 

FIG. 7 is a flow diagram illustrating the establishment of 
50 an online user session according to one embodiment of the 
present invention 

FIG. 8 is a flow diagram illustrating service request 
processing according to one embodiment of the present 
invention. 

55 DETAILED DESCRIPTION OF THE 

PREFERRED EMBODIMENTS 

A method and apparatus are described for providing 
physical security for a user account and supplying access to 

60 the environment and preferences associated with a particular 
user. In the following description, for the purposes of 
explanation, numerous specific details are set forth in order 
to provide a thorough understanding of the present inven- 
tion. It will be apparent, however, to one skilled in the art 

65 that the present invention may be practiced without some of 
these specific details. In other instances, well-known struc- 
tures and devices are shown in block diagram form. 
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The present invention includes various steps, which will 
be described below. The steps can be embodied in machine- 
executable instructions, which can be used to cause a 
general-purpose or special-purpose processor programmed 
with the instructions to perform the steps. Alternatively, the 
steps of the present invention might be performed by spe- 
cific hardware components that contain hardwired logic for 
performing the steps, or by any combination of programmed 
computer components and custom hardware components. 

SYSTEM OVERVIEW 

The present invention may be included in a system, 
known as WebTV™, for providing a user with access to the 
Internet. WebTV™ and WebTV Networks™ are trademarks 
of WebTV Networks, Inc. of Mountain View, Calif. A user 
of a WebTV client generally accesses a WebTV server via a 
direct-dial telephone (POTS, for "plain old telephone 
service"), ISDN (Integrated Services Digital Network), or 
other similar connection, in order to browse the Web, send 
and receive e-mail, and use various other WebTV network 
services. The WebTV network services are provided by 
WebTV servers using software residing within the WebTV 
servers in conjunction with software residing within a 
WebTV client. 

FIG. 1 illustrates a basic configuration of the WebTV 
network according to one embodiment. A number of WebTV 
clients 1 are coupled to a modem pool 2 via direct-dial, 
bi-directional data connections 29, which may he telephone 
(POTS, i.e., "plain old telephone service 1 '), ISDN 
(Integrated Services Digital Network), or any other similar 
type of connection. Other connection mechanisms may be 
employed such as cable and satellite forward channels, for 
example. In any event, the modem pool 2 is coupled 
typically through a router, such as thaw conventionally 
known in the art, to a number of remote servers 4 via a 
conventional network infrastructure 3, such as the Internet. 
The WebTV system also includes a WebTV server 5, which 
specifically supports the WebTV clients 1. The WebTV 
clients 1 each have a connection to the WebTV server 5 
either directly or through the modem pool 2 and the Internet 
3. Note that the modem pool 2 is a conventional modem 
pool, such as those found today throughout the world 
providing access to the Internet and private networks. 

Note that in this description, in order to facilitate expla- 
nation the WebTV server 5 is generally discussed as if it 
were a single device, and functions provided by the WebTV 
services are generally discussed as being performed by such 
single device. However, the WebTV server 5 may actually 
comprise multiple physical and logical devices connected in 
a distributed architecture, and the various functions dis- 
cussed below which are provided by the WebTV services 
may actually be distributed among multiple WebTV server 
devices. 

AN EXEMPLARY CLIENT SYSTEM 

FIG. 2 illustrates a WebTV client 1 according to one 
embodiment of the present invention. In this embodiment, 
the WebTV client 1 includes an Internet terminal 10 
(hereinafter referred to as "the WebTV box 10"), an ordinary 
television set 12, and a remote control 11. In an alternative 
embodiment of the present invention, the WebTV box 10 is 
built into the television set 12 as an integral unit. The 
WebTV box 10 includes hardware and software for provid- 
ing the user with a graphical user interface, by which the 
user can access the WebTV network services, browse the 
Web, send e-mail, and otherwise access the Internet. 
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The WebTV client 1 uses the television set 12 as a display 
device. The WebTV box is coupled to the television set 12 
by a video link 6. The video link 6 is an RF (radio 
frequency), S -video, composite video, or other equivalent 

S form of video link. In the preferred embodiment, the client 
1 includes both a standard modem and an ISDN modem, 
such that the communication link 29 between the WebTV 
box 10 and the server 5 can be either a telephone (POTS) 
connection 29a or an ISDN connection 29b. The WebTV 

10 box 10 receives power through a power line 7. 

The WebTV box 10 also includes a SmartCard slot 8 for 
receiving an optional SmartCard 9. The SmartCard 9 may be 
a plastic card that includes a memory chip 13, for example. 
In one embodiment, the memory chip 13 is pre-programmed 

15 with identification information for uniquely identifying the 
SmartCard 9. Preferably, the memory chip 13 is embedded 
within the SmartCard 9. Various semiconductor memories 
may be used for memory chip 13 such as a programmable 
ROM (PROM), any form of erasable PROM (EPROM) or 

2 q Hash memory. It will be recognized that numerous other 
storage devices are suitable for use as the memory chip 13. 
Since portability is important, preferably, the SmartCard 9 is 
the size of a typical credit card. In alternative embodiments, 
the SmartCard 9 may additionally include one or more 

25 microprocessors and/or additional memory chips such as a 
random access memory (RAM), for example. Further, to 
facilitate reusability of SmartCards, the unique identification 
information may be generated by a centralized authority and 
previously stored SmartCard identification information may 

30 be overwritten. 

In the embodiment depicted, the user may operate remote 
control 11 to control the WebTV client 1 in browsing the 
Web, sending e-mail, and performing other Internet- related 
functions. The WebTV box 10 receives commands from 

35 remote control U via an inflated (IR) communication link. 
In alternative embodiments, the link between the remote 
control 11 and the WebTV box 10 may be RF or any 
equivalent mode of transmission. 

FIG. 3 is a block diagram of the internal features of the 

40 WebTV box 10 according to one embodiment of the present 
invention. In this embodiment, operation of the WebTV 
client 1 is controlled by a central processing unit (CPU) 21 
which is coupled to an Application-Specific Integrated Cir- 
cuit (ASIC) 20. The CPU 21 executes software designed to 

45 implement features of the present invention. ASIC 20 con- 
tains circuitry which may be used to implement certain 
features provided by the WebTV client 1. ASIC 20 is 
coupled to an audio digital-to-analog converter 25 which 
provides audio output to television 12. In addition, ASIC 20 

50 is coupled to a video encoder 26 which provides video 
output to television set 12. An IR interface 24 detects IR 
signals transmitted by remote control 11 and in response, 
provides corresponding electrical signals to ASIC 20. ASIC 
20 is further coupled to a SmartCard interface 31. The 

55 SmartCard interface detects the presence of a SmartCard 
such as SmartCard 9 and signals the ASIC 20 accordingly. 
A standard telephone modem 27 and an ISDN modem 30 are 
coupled to ASIC 20 to provide connections 29a and 29/?, 
respectively, to the modem pool 2 and, via the Internet 3, to 

60 the remote servers 4. Note that the WebTV box 10 also may 
include a cable television modem (not shown). 

Also coupled to ASIC 20 is Read-Only Memory (ROM) 
22, which provides storage of program code for implement- 
ing the application software to be executed by the WebTV 

65 box 10. Note that ROM 22 may be a programmable ROM 
(PROM) or any form of erasable PROM (EPROM) or Flash 
memory. Also coupled to ASIC 20 is Random Access 
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Memory (RAM) 23. A mass storage device 28 may option- 
ally be provided and coupled to ASIC 20. The mass storage 
device 28 may be used to input software or data to the client 
or to download software of data received over network 
connection 29. The mass storage device 28 includes any 
suitable medium for storing machine-executable 
instructions, such as magnetic disks, optical disks, and the 
like. 

AN EXEMPLARY SERVER SYSTEM 

The WebTV server 5 generally includes one or more 
computer systems generally having the architecture illus- 
trated in FIG. 4. It should be noted that the illustrated 
architecture is only exemplary; the present invention is not 
constrained to this particular architecture. The illustrated 
architecture includes a central processing unit (CPU) 50, 
random access memory (RAM) 51, read-only memory 
(ROM) 52, a mass storage device 53, a modem 54, a network 
interface card (MC) 55, and various other input/output (I/O) 
devices 56. Mass storage device 53 includes a magnetic, 
optical, or other equivalent storage medium. 1,0 devices 56 
may include any or all of devices such as a display monitor, 
keyboard, cursor control device, etc. Modem 54 is used to 
communicate data to and from remote servers 4 via the 
Internet. 

As noted above, the WebTV server 5 may actually com- 
prise multiple physical and logical devices connected in a 
distributed architecture. Accordingly, MC 55 is used to 
provide data communication with other devices that are part 
of the WebTV services. Modem 54 may also be used to 
communicate with other devices that are part of the WebTV 
5 services and which are not located in close geographic 
proximity to the illustrated device. 

EXEMPLARY SERVICES, DATABASES, 
CUSTOMER PREFERENCES, AND 
ENVIRONMENT 

As shown in FIG. 5, a WebTV server 5 may provide a 
number of services such as a setup service 510, a log-in 
service 515, a favorites service 520, and a mall service 525. 
Each service may be associated with one or more persistent 
databases where customer information may be stored such 
as customer preferences related to the particular service. 
Note the specific choice of services and databases for this 
example is illustrative only. In this example, a setup database 
530 is associated with the setup service 510, a customer 
database 540 is associated with the log-in service 515, a 
favorites database 545 is associated with the favorites ser- 
vice 520, and a mailbox 550 and an address book database 
555 are associated with the nail service 525. In alternative 
embodiments, more or less services and databases may be 
provided. Also, while these services are shown as being 
provided by a single WebTV server 5, it should be appre- 
ciated that the services and databases may be distributed 
among one or more servers. 

In this embodiment, the log-in service 515 is used spe- 
cifically to control initial log-on procedures by a client 1. 
The log-in service 515 has exclusive access to the customer 
database 540. As will be discussed further with respect to 
FIG. 6A, the customer database 540 may store various 
information pertaining to each authorized user of a client 1 
such as a unique customer id, and other information used to 
control certain features relating to access privileges and 
capabilities of the user. This information may be used to 
regulate initial access to the WebTV service during the 
establishment of a user sessioD, as well as to facilitate access 
to the individual services provided by the WebTV service. 
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The setup service 510 provides the user with the ability to 
customize the operation 5 of the WebTV box 10. An 
exemplary set of customer preferences may include the 
following: the type of on-screen keyboard presented by the 

5 WebTV box 10; the font used for displaying text on the 
display device 12; background music options, and e-mail 
options. With respect to the on-screen keyboard, the user 
may indicate his/her preference between a traditional key- 
board (e.g., QWERTY) or an alphabetical keyboard (e.g. a, 

30 b, c, d, etc.), for example. Regarding the font used for 
displaying text, the user may indicate preferences relating 
the font size such as small, medium, or large font size. With 
respect to background music options, the user may choose 
whether background music is enabled or disabled and if 

15 enabled, the preferred type of background music may be 
selected. E-mail preferences may include the listing order of 
e-mail messages (e.g., newest to oldest, oldest to newest, 
etc.), a text signature to be appended to outgoing e-mail 
messages, and addressing options (e.g., whether a carbon 

20 copy line should be included on outgoing e-mail messages). 
These customer preferences may be maintained by the setup 
service 510 and made available to the WebTV box 10 when 
a user session is established. For example, to help the user 
feel at home while connected to the WebTV service through 

25 another's WebTV box 10, the customer preferences associ- 
ated with the particular user may be downloaded to the 
WebTV box 10 from the setup service 510 when a user 
session is established. The customer preferences for each 
user may be conveniently stored in a database such as the 

3 q setup database 530. The preferences may be accessed from 
the database using a unique customer ID associated with the 
user, for example. Such a unique id may be stored in the 
customer database 540 as discussed further with respect to 
FIG. 6A. 

35 Having described customer preferences related to the 
operation of the WebTV box 10, exemplary elements of a 
user's environment will now be described. The environment 
may include preferences and other data related to a particu- 
lar user's account. In this embodiment, information regard- 

40 ing a particular user's environment is also maintained in one 
or more persistent databases on one or more WebTV servers 
5. An exemplary user environment may include information 
pertaining to favorite Web pages and/or e-mail such as 
stored or newly received e-mail messages and an e-mail 

45 identifier. 

In the embodiment depicted, the favorites service 520 
tracks a user's favorite or preferred Web pages. Each user 
may have an individual favorites list. Essentially, the favor- 
ites service 520 acts as a book mark facility allowing the 

50 user to mark certain favorite Web pages. Further, the favor- 
ites service 520 provides a way to jump to those favorite 
Web pages. When a user indicates a Web page being 
displayed is a "favorite," it is added to the user's list of 
favorites and stored in a database such as the favorites 

55 database 545. Additionally, the favorite Web pages may be 
organized into user-defined categories. For example, a user 
might have a set of favorite pages including Web pages 
providing real-time stock quotes, portfolio valuations, and 
financial news grouped in a category labeled "financial 

60 information." Like the setup database 530, the favorites 
database 545 may be organized by customer id. An exem- 
plary favorites database record will be discussed below. 

The mail service 525 provides functions to support send- 
ing and retrieving e-mail The mailbox 550 may store a list 

65 of new e-mail and a list of stored e-mail for each user. The 
mailbox 550 may be organized by the user's e-mail identifier 
or by customer id. Each user may maintain e-mail address 
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lists in an address book database 555. As above, the e-mail 
address lists stored in the address book database 555 may be 
accessed by the user's customer id. Each e-mail address list 
record may contain an e-mail address for a individual and a 
name to be associated with the address, for example. 

A TYPICAL LOG-IN SCENARIO 

A typical log-in scenario involves a client 1 requesting 
access to the WebTV service by transmitting an embedded 
silicon id that uniquely identifies the WebTV box 10 to the 
log-in service 515. Therefore, the WebTV box 10 itself 
serves as one level of physical security. A user's account 
cannot be accessed without at least his/her WebTV box 10 
or SmartCard 9. A SmartCard 9 log-in scenario is discussed 
below. 

In any event, upon receiving the silicon id, the log-in 
service 515 consults the customer database 540 to determine 
if access to the server 5 by this particular WebTV box 10 is 
authorized. Assuming access is authorized, the log-in service 
515 determines the user(s) associated with the WebTV box 
10 and transmits a log-in screen which is presented to the 
user by the WebTV box 10 via the display device 12. The 
log-in screen displays the usernames of the authorized users 
of the WebTV box 10. When the user selects one of the 
displayed usernames and enters an optional password asso- 
ciated with his/her account, a log-on request is transmitted 
to the log-in service 515. In response to the log-on request 
by the WebTV box 10, the log-in service 515 consults the 
customer database 540 to verify the user password. 

TICKET GENERATION 

Assuming the correct password has been entered by the 
user, the log-in service 515 proceeds to retrieve information 
pertaining to the particular user from the customer database 
540. The log-in service 515 then generates a "ticket" 560, 
which is an information packet including the retrieved 
information. The ticket 560 is then provided to the WebTV 
box 10 that requested access. The ticket 560 includes 
information identifying the access privileges of a particular 
user with respect to services provided by the server 5. 

For example, the ticket 560 may include the username of 
the user operating the client 1, the real name of the user, the 
customer id associated with the user, and any filtering 
requested by the user with respect to viewing Web sites. As 
will be discussed further below, when the user makes a 
service request (e.g., a request to access to one of the 
services), the client 1 may submit a copy of the ticket 560 
to that service. 

AN EXEMPLARY CUSTOMER DATABASE 
RECORD 

FIG. 6 A illustrates an exemplary customer database 
record according to one embodiment of the present inven- 
tion. In this example, each record in the customer database 
540 includes a silicon ID 605, a collection of subscriber 
information 610, a customer ID 615, a username 620, a 
password 625, a SmartCard ID 630, and a SmartCard 
password 635. As discussed above, the silicon ID 605 is an 
identifier such as a serial number that uniquely identifies a 
particular WebTV box 10. Because multiple users may share 
a WebTV box 10, in this embodiment, there is a one-to-many 
relationship between the silicon ID 605 and the fields 
associated with a particular user. The subscriber information 
610 may include such information as administrative and 
billing data for a particular user including the user's real 
name, a credit card number, the user's address and phone 
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number, etc. The customer ID 615 is an identifier such as a 
serial number that uniquely identifies a particular user of the 
WebTV service. The username 626 is a name the user has 
chosen to associate with his/her account. The username 626 

5 may serve as the user's e-mail identifier within a particular 
domain. For example, a user having the username "merlin" 
might have an e-mail address of merhn@webtv.net. The 
password 625 is optional, if a user chooses to assign a 
password to his/her account, then the WebTV service will 

10 require its entry upon log-in and perform appropriate vali- 
dation before generating the ticket 560. The SmartCard ID 
630 is also optional. Preferably, a separate SmartCard pass- 
word 635 is associated with the SmartCard ID 630. 
However, the 10 password 625 may be used for both the user 

15 password and the SmartCard password 635. 

In any event, if a user has associated a SmartCard 9 with 
his/her account, then identification information stored on the 
SmartCard 9 such as an identification number for uniquely 
identifying the SmartCard 9 may be stored in a field in the 

20 customer record associated with that user such as the Smart- 
Card ID 630. In this manner, a translation may be performed 
from a particular SmartCard ID 630 to a customer ID 615, 
thereby allowing the WebTV service to identify a particular 
user at log-in and produce a ticket 560 without reference to 

X the silicon ID 605 of the user's WebTV box 10. Therefore, 
as will be discussed further below, one advantage of asso- 
ciating a SmartCard 9 with a given user customer record in 
the customer database 540, is that the user can log-in to the 
WebTV service from any available client 1 such as one that 

30 might be provided by a hotel in each of its rooms for the 
benefit of its patrons. Thus, the user is not limited to logging 
in to the WebTV service from his/her WebTV box 10. 
Additionally, as will be explained further below, the user 
will automatically have access to his/her preferences such as 

35 those stored in the setup database 530 and his/her environ- 
ment such as favorites and e-mail upon establishing a user 
session with a SmartCard 9. 

AN EXEMPLARY FAVORITES DATABASE 
40 RECORD 

FIG. 6B illustrates an exemplary favorites database record 
according to one embodiment of the present invention. In 
this example, each record in the favorites database 545 

45 includes the customer ID 615, a list of favorite uniform 
resource locators (URLs) 645, a list of favorite tides 650 
each tide corresponding to a URL in a list of favorite URLs 
645, and a list of favorite thumbnails 655 each thumbnail 
corresponding to a particular URL in 10 the list of favorite 

50 URLs 645. The list of favorite URLs 645 is a list including 
one or more URLs the user has designated as a "favorite." 
When the user designates a Web page as a favorite site, the 
URL, of the Web page is stored in the list of favorite URLs 
645 associated with the customer id 615 of the user. In this 

55 embodiment, a tide of the Web page is also stored in the list 
of favorite tides 650. Further, a thumbnail image of the Web 
page may be stored in the list of favorite thumbnails 655. In 
this manner, when the user requests his/her favorite URLs, 
they may be graphically depicted with thumbnail images and 

60 tides. To jump to a favorite Web page, the user may select 
a thumbnail image corresponding to the Web page he/she 
desires. The server 5 may then request the URL associated 
with the thumbnail image selected. 

SMARTCARD LOG-IN 

65 

In the log- in scenario discussed above, a silicon id asso- 
ciated with the user's WebTV box 10 was used to access the 
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customer database 540 to generate the ticket 560. However, 
insertion of the SmartCard 9 inhibits the normal log-in 
processing sequence that involves the WebTV box 10 trans- 
mitting its silicon id to the log-in service 515, thereby 
allowing a user session to be initiated by someone other than 
the users associated with the particular the WebTV box 10. 
Rather, when a user logs into the WebTV service using a 
SmartCard 9, identification information stored on the Smart- 
Card 9 is used to initially access the customer database 540 
rather than the silicon id of the particular WebTV box 10 
employed. The log-in service 515 may search the customer 
database for a SmartCard ID 630 matching the identification 
information provided during log-in. Upon finding the appro- 
priate customer record, the log-in service 515 can retrieve 
the customer ID 615 corresponding to the identification 
information. Once the log-in service 515 has determined the 
customer ID 615 associated with the SmartCard 9, ticket 
generation may proceed as discussed above. 

FIG. 7 is a flow diagram illustrating the establishment of 
an online user session according to one embodiment of the 
present invention. At step 705, the WebTV box 10 detects 
the presence of a SmartCard 9 that has been inserted into the 
SmartCard slot 8. For example, SmartCard interface 31 may 
detect the presence of the SmartCard 9 and generate an input 
event. 

At step 710, input processing is performed. In this 
embodiment, the WebTV box 10 may be in one of two high 
level states: powered down or powered up. When the 
WebTV box 10 is powered up, it may be sleeping or awake. 
In the powered up state, the WebTV box 10 may additionally 
be either disconnected or connected. In the powered down 
state, power may be limited to the particular circuitry of the 
WebTV box 10 necessary to detect input events such as 
those indicating the power button has been depressed or 
indicating the insertion of a SmartCard 9. In the sleeping 
state, a screen-saver may be active to prevent damage to the 
display device 12. In the disconnected state, the WebTV box 
is not in communication with the WebTV Service. In the 
connected state, the WebTV box 10 is in communication 
with the WebTV Service and may additionally have a ticket 
560 stored in RAM 23. The input processing may include 
transitioning from the current state to a new state. For 
example, if the WebTV box 10 is in the powered down state 
when the SmartCard 9 is detected the WebTV box 10 may 
transition to the powered up state. Moreover, when the 
SmartCard 9 is detected, the sleeping state may give way to 
the awake state (e.g., the screen -saver may be deactivated). 

At step 715, the identification information is read from the 
SmartCard 9. Subsequently, at step 720, the identification 
information is transmitted to a server 5 such as a server 
providing the log-in service 515. 

At step 725, the log-in service 515, with reference to the 
customer database 540, determines if the identification 
information is associated with an authorized user of the 
WebTV Service, if the identification information is not 
found, processing continues with step 730. Otherwise, if the 
identification information is found, processing continues 
with step 735. 

At step 730, the SmartCard 9 identification information is 
not currently associated with a customer record in the 
customer database 540. At this point, the user may choose to 
have the log-in service 515 perform SmartCard 9 initializa- 
tion processing. The initialization processing may include 
storing the SmartCard 9 identification information in the 
SmartCard D 630 of the customer record corresponding to 
the user. In this manner, during subsequent SmartCard 9 
log-in attempts, the identification information will be found 
in step 725. 
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At step 735, the identification information has been found 
in a customer record. The log-in service 515 may require 
entry of a password before a ticket 560 is generated, if a 
password is associated with the SmartCard 9. If the identi- 

s fication information is not authenticated by the correct 
password, log-in will be denied and no user session will be 
established. However, if the correct password is entered, a 
ticket 560 will be generated as described above and trans- 
mitted to the client 1 at step 740. 

10 At step 745, the client 1 receives the ticket 560 and stores 
it for future service access requests. The ticket 560 may be 
stored in a memory of the WebTV box 10 such as RAM 23. 

At step 750, configuration information is downloaded to 
the client 1. Configuration information may include cus- 

15 tomer preferences associated with the particular user. The 
configuration information may be useful for tailoring certain 
operations of the internet terminal to the liking of a particu- 
lar user. As discussed above, the setup service 510 may 
retrieve the customer preferences from a database such as 

20 the setup database 530 using the customer id in the ticket 
560. At step 760, the client may store the client configuration 
information in a memory of the WebTV box 10 such as 
RAM 23. 

Advantageously, the association of a SmartCard 9 with a 
25 user account provides a mobile mechanism for accessing the 
account while maintaining physical security. Additionally, 
the SmartCard 9 makes the user's preferences and environ- 
ment accessible even when the user logs in to the WebTV 
service from a WebTV box 10 other than his/her own. For 
30 example, alter the configuration information is downloaded 
in step 750, the particular WebTV box 10 employed will act 
in accordance with the user's previously established cus- 
tomer preferences. 

35 SERVICE REQUEST PROCESSING 

FIG. 8 is a flow diagram illustrating service request 
processing according to one embodiment of the present 
invention. In this embodiment, when the user makes a 
service request, the client 1 submits a copy of the ticket 560 
to that service. The requested service may then determine 
from the copy of the ticket 560 whether access to that service 
by the user is authorized and, if so, any important informa- 
tion relating to such access. Further, information in the copy 
of the ticket 560 may be useful for facilitating the processing 
of the user's particular service request. 

At step 810, a service request and a copy of the ticket 560 
are transmitted to a server 5 such as one providing the mail 
service 525. The ticket 560 may have been generated in 
50 response to either the typical log-in scenario (i.e., the user 
logging in from his/her WebTV box 10) or the SmartCard 
log-in scenario (e.g., the user logging in from the WebTV 
box 10 of another). 

At step 820, the server 5 processes the service request 
55 with reference to the information stored in the ticket 560. 
For example, if the service request is to view new e-mail 
messages, the mail service 525 may use the e-mail identifier 
in the ticket 560 to retrieve the user's e-mail from the 
mailbox 550. 

60 At step 830, the server S transmits the results of the 
service request to the client I. For example, the server 5 may 
compose a page of Hypertext Markup Language (HTML) 
including a list of newly received e-mail messages, in 
response to a user request to read his/her mail 

65 Thus, it should be appreciated, the WebTV service will 
respond to service requests in the manner defined by the 
user's environment whether the user has logged-in to the 
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WebTV service from his/her WebTV box 10 or from another 
WebTV box 10 employing a SmartCard 9. 

In the foregoing specification, the invention has been 
described with reference to specific embodiments thereof. It 
will, however, be evident that various modifications and 
changes may be made thereto without departing from the 
broader spirit and scope of the invention. The specification 
and drawings are, accordingly, to be regarded in an illus- 
trative rather than a restrictive sense. 

What is claimed and desired to be secured by United 
States Letters Patent is: 

1. In an internet terminal coupled with a server system, a 
method of initiating a user session with the server system 
from the internet terminal, the method comprising the acts 
of: 

identifying the presence of a smart card in the internet 
terminal; 

requesting initiation of a user session by reading identi- 
fication information from a memory of the smart card 
and transmitting the identification information to the 
server system; and 

receiving and storing, at the internet terminal, a ticket for 
use in accessing various services, the ticket having 
been generated in a process at the server system that 
includes: 

the server system using the identification information to 
access a customer database maintained at the server 
system in order to find a customer record which 
includes at least a smart card identifier and a cus- 
tomer identifier, thereby determining that the iden- 
tification information read from the smart card is 
associated with an authorized user of the server 
system; and 

the server system generating the ticket, wherein the 
ticket includes information from the customer 
record. 

2. The method of claim 1, further including the act of the 
internet terminal transmitting the ticket with a service 
request, in response to which the server system processes the 
service request with reference to the information stored 
within the ticket. 

3. The method of claim 2, wherein the server system 
processing the service request comprises the server system 
retrieving a list of favorite web sites associated with the 
authorized user. 

4. The method of claim 2, wherein the server system 
processing the service request comprises the server system 
retrieving a list of electronic mail based on an electronic 
mail identifier included in the information stored within the 
ticket. 

5. The method of claim 1, wherein the ticket has been 
generated in a process at the server system that further 
includes: 

the server system locating configuration information asso- 
ciated with the authorized user of the server system 
based on the identification information; and 

the server system downloading the configuration infor- 
mation to the internet terminal. 

6. The method of claim 5, wherein the configuration 
information includes information identifying one or more 
background music preferences. 

7. The method of claim 5, wherein the configuration 
information includes information identifying one or more 
font preferences. 

8. The method of claim 5, wherein the configuration 
information includes information identifying one or more 
on-screen keyboard preferences. 
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9. The method of claim 5, wherein the configuration 
information includes information identifying one or more 
electronic mail preferences. 

10. The method of claim 1, wherein the internet terminal 
5 has a current state, and the method further includes the act 

of the internet terminal performing input processing based 
on the current state. 

11. The method of claim 10, wherein the act of performing 
input processing based on the current state further includes 

10 the act of the internet terminal opening a connection with the 
server system if the current state of the internet terminal is 
disconnected. 

12. The method of claim 10, wherein the act of perform- 
ing input processing based on the current state further 

15 includes the act of the internet terminal powering itself up if 
the current state of the internet terminal is powered down. 

13. The method of claim 10, wherein the act of perform- 
ing input processing based on the current state further 
includes the act of the internet terminal waking up by 

20 suspending the screen-saver if the current state of the 
internet terminal is sleeping. 

14. In a computer network that includes a plurality of 
servers logically connected in order to provide access to one 
or more internet sites, and a plurality of internet terminals 

25 connectable to one or more of the servers, a method of 
permitting a particular authorized user to log on to the 
computer network from any of the internet terminals inde- 
pendently of any internet terminal identifier associated with 
any internet terminal, the method comprising the acts of: 
30 maintaining at one or more of the plurality of servers 
unique customer identifiers associated with authorized 
users of the computer network; 
maintaining at said one or more servers unique smart card 
identifiers associated with a plurality of smart cards, 
35 each of the plurality of smart cards being associated 
with one of the authorized users of the computer 
network, the unique customer identifiers and the unique 
smart card identifiers being linked at said one or more 
servers; 

40 receiving, at a particular server included in said one or 
more servers, the unique smart card identifier associ- 
ated with one of the plurality of smart cards, the unique 
smart card identifier having been read from said one of 
the plurality of smart cards at a selected internet 

45 terminal into which said one of the plurality of smart 
cards has been inserted, said one of the plurality of 
smart cards being associated with a particular autho- 
rized user; 

5Q at the particular server, using the received unique smart 
card identifier to find the unique customer identifier 
associated with the particular authorized user in order 
to initiate a user session for the particular authorized 
user, and 

55 establishing the user session without regard to any inter- 
net terminal identifier associated with the selected 
internet terminal. 

15. The method of claim 14, further comprising, prior to 
the act of receiving the unique smart card identifier, the acts 

60 0f: 

the selected internet terminal reading the unique smart 
card identifier associated with said one of the plurality 
of smart cards from a semiconductor memory of said 
one of the plurality of smart cards; and 
65 the selected internet terminal transmitting the smart card 
identifier associated with said one of the plurality of 
smart cards to the particular server. 
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16. The method of claim 14 further comprising the acts of: 
at the particular server, using the unique smart card 

identifier to locate configuration information associated 
with the particular authorized user; and 
downloading the configuration information from the par- 5 
ticular server to the selected internet terminal. 

17. The method of claim 16, wherein the configuration 
information tailors one or more operations of the selected 
internet terminal to the particular user. 

18. The method of claim 16, wherein the configuration 10 
information includes information identifying one or more 
background music preferences. 

19. The method of claim 16, wherein the configuration 
information includes information identifying one or more 
font preferences. 15 

20. The method of claim 16, wherein the configuration 
information includes information identifying one or more 
on-screen keyboard preferences. 

21. The method of claim 16, wherein the configuration 
information includes information identifying one or more 20 
electronic mail preferences. 

22. The method of claim 14, further comprising the acts 

of: 

locating at said particular server account information for 
the particular authorized user; and thereafter 

responding to subsequent service requests from the 
selected internet terminal in a manner determined by an 
environment associated with the account information. 

23. The method of claim 22, wherein the environment 
includes a set of favorite web sites, and the act of responding 
to subsequent service requests further includes the acts of: 

the selected internet terminal making a request for favor- 
ite web sites; and 

responsive to the request, one of the plurality of servers 35 
transmitting the set of favorite web sites. 

24. The method of claim 22, wherein the environment 
includes a set of electronic mail addresses. 

25. The method of claim 24, further comprising the acts 
of: 40 

the selected internet terminal making a request to com- 
pose an electronic mail message; and 

responsive to the request, one of the plurality of servers 
transmitting information representing the set of elec- 
tronic mail addresses. 45 

26. The method of claim 22, wherein the environment 
includes an electronic mail identifier by which electronic 
mail can be received from the Internet. 

27. The method of claim 26, wherein the environment 
includes a set of electronic mail messages addressed to the so 
electronic mail identifier. 

28. A computer program product for implementing, in an 
internet terminal coupled with a server system, a method of 
initiating a user session with the server system from the 
internet terminal, the computer program product compris- ss 
ing: 

a computer-readable medium carrying executable instruc- 
tions that, when executed, are capable of performing 
the acts of: 

identifying the presence of a smart card in the internet 60 
terminal; 

requesting initiation of a user session by reading iden- 
tification information from a memory of the smart 
card and transmitting the identification information 
to the server system; and 65 

receiving and storing, at the internet terminal, a ticket 
for use in accessing various services, the ticket 



having been generated in a process at the server 
system that includes: 

the server system using the identification informa- 
tion to access a customer database maintained at 
the server system in order to find a customer 
record which includes at least a smart card iden- 
tifier and a customer identifier, thereby determin- 
ing that the identification information read from 
the smart card is associated with an authorized 
user of the server system; and 

the server system generating the ticket, wherein the 
ticket includes information from the customer 
record. 

29. The computer program product of claim 28, wherein 
the executable instructions, when executed, are further 
capable of performing the act of initiating transmission of 
the ticket to the server system with a service request, 

30. The computer program product of claim 28, wherein 
the executable instructions, when executed, are further 
capable of performing the act of receiving configuration 
information associated with the authorized user of the server 
system, the configuration information having been generated 
in a process at the server system that includes: 

the server system using the identification information to 
access a customer database maintained at the server 
system in order to locate the configuration information 
associated with the authorized user; and 

the server system downloading the configuration infor- 
mation to the internet terminal. 

31. A computer program product for implementing, in a 
server included in a computer network, the server being 
logically connected to an internet terminal and providing the 
internet terminal with access to one or more internet sites, a 
method of permitting a particular authorized user to log on 
to the computer network from the internet terminal inde- 
pendently of any internet terminal identifier associated with 
the internet terminal, the computer program product com- 
prising: 

a computer-readable medium carrying executable instruc- 
tions that, when executed, are capable of performing 
the acts of: 

storing unique customer identifiers associated with 
authorized users of the computer network; 

storing unique smart card identifiers associated with a 
plurality of smart cards, each of the plurality of smart 
cards being associated with one of the authorized 
users of the computer network, the unique customer 
identifiers and the unique smart card identifiers being 
linked at the server; 

receiving the unique smart card identifier associated 
with one of the plurality of smart cards, said one of 
the plurality of smart cards having been inserted into 
the internet terminal and the unique smart card 
identifier associated with said one of the plurality of 
smart cards having been read at the internet terminal, 
said one of the plurality of smart cards being asso- 
ciated with a particular authorized user; 

using the received unique smart card identifier to find 
the unique customer identifier associated with the 
particular authorized user in order to initiate a user 
session for the particular authorized user; and 

establishing the user session without regard to any 
internet terminal identifier associated with the inter- 
net terminal. 

32. The computer program product of claim 31, wherein 
the act of using the received unique smart card identifier to 
find the unique customer identifier associated with the 
particular user comprises the acts of: 
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locating configuration information associated with the 
particular user based on the unique smart card identifier 
associated with said one of the plurality of smart cards; 
and 

downloading the configuration information to the internet s 
terminal. 

33. The computer program product of claim 31, wherein 
the act of using the received unique smart card identifier to 
find the unique customer identifier comprises the acts of: 
using the received smart card identifier to access a cus- 30 
tomer database maintained at the server in order to find 
a customer record which includes the unique smart card 



114 Bl 

16 

identifier associated with said one of the plurality of 
smart cards and the unique customer identifier associ- 
ated with the particular authorized user, thereby deter- 
mining that the received smart card identifier is asso- 
ciated with an authorized user of the computer network; 
generating a ticket for use in accessing various services, 
wherein the ticket includes information from the cus- 
tomer record; and 

transmitting the ticket to the internet terminal. 
***** 
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